inc_customer_action.asp

学习管理 校友录有关的系统 本人学习的结果 与大家共享

<!-- #include file = "../inc_action.asp" -->
<%
'===================================================================
'= ASP FILENAME	: /inc/inc_action.asp
'= CREATED TIME : 2006-4-17 11:10
'= LAST MODIFIED: 2006-4-17 11:10
'= VERSION INFO : CCASP Framework Ver 2.0.1 ALL RIGHTS RESERVED BY www.cclinux.com
'= DESCRIPTION  : Action处理
'= Change Log:
'===================================================================
'====================================================================
'= Function    : ActionFilter
'= Time		   : Created At 2206/05/02
'= Input       : 
'= Description : 用户请求校验与分拣
'= Change Log :
'= 2006-7-20 增加非法字符校验
'===================================================================
Function ActionFilter(strPageName,strAction)

	Dim i
	Dim blnAuthFlag : blnAuthFlag = True '== 不需要做权限校验的页面
	Dim strActionName	'== 请求名
	Dim strActionFile   '== 所属文件
	Dim intActionType   '== 请求类型 0--show 1--pure execute

	'== 若未加载则需即可加载才能使用
	If Application(GBL_strCookieURL & "APP_ConfigLoaded") = "" Or IsNull(Application(GBL_strCookieURL & "APP_ConfigLoaded")) Then
		Call LoadParaLogic()
	End If

	'== 论坛相关
	GBL_strForumMasterName = Application(GBL_strCookieURL & "strForumMasterName")
	GBL_strForumMasterAccount = Application(GBL_strCookieURL & "strForumMasterAccount")
	GBL_strForumMasterId = Application(GBL_strCookieURL & "strForumMasterId")

	'== 网站公告
	GBL_strWebBoard = Application(GBL_strCookieURL & "APP_strBoard")
	GBL_strWebReg = Application(GBL_strCookieURL & "APP_strReg")

	GBL_intAlbumMaxSize = Application(GBL_strCookieURL & "APP_intAlbumSize")

	'== for cc test
	GBL_strUserRole	= GBL_strUserAction
	
	If GBL_intUserId = 0 Then
		Dim strUser,strPwd
		strUser = Trim(Request.Cookies(GBL_strCookieURL)("user"))
		strPwd = Trim(Request.Cookies(GBL_strCookieURL)("pass"))
		If CheckPass(strUser,strPwd,1) Then
			Call ActionOver()
			Response.Redirect GBL_strHomeUrl & "user/user_info_show.asp"
			Exit Function
		Else
			'== destory cookie
			Response.Cookies(GBL_strCookieURL)("user") = ""
			Response.Cookies(GBL_strCookieURL)("pass") = ""
			Response.Cookies(GBL_strCookieURL).Expires = Date - 1
			If Not ParseActionNoAuth(strAction,strActionName,intActionType,strActionFile) Then
				Call ActionOver()
				Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp"
				Exit Function
			End If
		End If
	End If
	
	'== 更新在线用户情况
	'If Not GetNowOnline() Then
	'	Exit Function
	'End If

	'== 不需要做权限校验的页面
	If Not ParseActionNoAuth(strAction,strActionName,intActionType,strActionFile) Then
		blnAuthFlag = True
	Else
		blnAuthFlag = False
	End If
	
	'== 权限校验
	If blnAuthFlag = True Then 
		If Not ParseAction(strAction,strActionName,intActionType,strActionFile) Then
			If GBL_intUserId = 0 Or IsNull(GBL_intUserId) Then	'== 未登陆则返回登陆页
				Call ActionOver()
				Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp"
				Response.End
				Exit Function
			Else '== 登陆则错误提示
				Call GBL_objException.catchErr(E_USER_PUB,"该页面不存在或您没有访问权限")
				Exit Function
			End If		
		End If
	End If

	'== 非法数据校验
	If CTL_FORBIDDEN_VALID Then
	Call ForSqlForm()
	End If

	'== 执行逻辑
	If intActionType = 1 Then
		Call ActionExecute(strAction)
		Call ExceptionExecute()
	ElseIf intActionType = 0 Then
		'== 当页显示成功信息模式
		If GBL_intSuccType = 3 Then
			GBL_strSuccInfoHint = Trim(Request.QueryString("succInfo"))
		End If
		'== 加载页面
		Call LoadPageTpl()
		Call ExceptionExecute()
	Else
		Call GBL_objException.catchErr(E_USER_PUB,"错误的页面请求")
		Exit Function
	End If

End Function

'===================================================================
'= Function    : ActionAuThenCheck(intAuThen)
'= Time        : Created At 2006-5-3
'= Input       : None
'= Description : 用户访问权限校验
'===================================================================
Function ActionAuThenCheck(intAuThen)
	
	Dim intAuthenNow
	Dim strUser,strPwd

	strUser = Trim(Request.Cookies(GBL_strCookieURL)("user"))
	strPwd = Trim(Request.Cookies(GBL_strCookieURL)("pass"))
	
	If Not IsEmpty(Session(GBL_strCookieURL & "SEN_strUserAuThen")) Then
		If IsNumeric(Session(GBL_strCookieURL & "SEN_strUserAuThen")) Then
			intAuthenNow = Cint(Session(GBL_strCookieURL & "SEN_strUserAuThen"))
		Else
			intAuthenNow = -1
		End If
	Else
		intAuthenNow = -1
	End If
	
	'== open for all (include guest)
	If intAuThen = 9 Then

		If CONST_PAGE_FILE = "user/user_login_form.asp" Or CONST_PAGE_FILE = "user/user_announce.asp" Or CONST_PAGE_FILE = "user/user_reg_form.asp" Then
			Exit Function
		End If

		'== check cookie exsit
		If (Not IsEmpty(strUser)) And _
			(strUser <> "") And _
			Not IsEmpty(strPwd) And _
			(strPwd <> "") And _
			(IsEmpty(Session(GBL_strCookieURL & "SEN_UserId")) Or _
			Session(GBL_strCookieURL & "SEN_UserId") = "") _
		Then
			If CheckPass(strUser,strPwd,1) Then
				Set GBL_objPubDB = Nothing
				Response.Redirect GBL_strHomeUrl & "user/user_info_show.asp?action=ShowUserAllInfo"
				Exit Function
			Else
				'== destory cookie
				Response.Cookies(GBL_strCookieURL)("user") = ""
				Response.Cookies(GBL_strCookieURL)("pass") = ""
				Response.Cookies(GBL_strCookieURL).Expires = Date - 1
				Set GBL_objPubDB = Nothing
				Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp?action=FormUserLogin"
				Exit Function
			End If
		Else
			Exit Function
		End If

	End If


	'== check the comm user
	If IsEmpty(Session(GBL_strCookieURL & "SEN_strUserRealName")) Or _
			IsEmpty(Session(GBL_strCookieURL & "SEN_UserId")) Or _
			IsEmpty(Session(GBL_strCookieURL & "SEN_strUserAccount")) Or _ 
			Session(GBL_strCookieURL & "SEN_strUserRealName") = "" Or _
			Session(GBL_strCookieURL & "SEN_UserId") = "" Or _
			Session(GBL_strCookieURL & "SEN_strUserAccount") = "" Then

			If CheckPass(strUser,strPwd,1) Then

				Set GBL_objPubDB = Nothing
				Response.Redirect GBL_strHomeUrl & "user/user_info_show.asp?action=ShowUserAllInfo"
				Exit Function

			Else

				Set GBL_objPubDB = Nothing
				Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp?action=FormUserLogin"
				Exit Function
				
			End If

	End If

	'== check the administrator
	If intAuThen = 1 Then

		If intAuthenNow <> intAuThen Then 
			Call ResultExecute(18,"管理员权限","ES_ERR")
			Exit Function
		End If

	End If

End Function


'===================================================================
'= Function    : ParseAction
'= Time        : Created At 2006-5-3
'= Input       : None
'= Description : 解析权限字符串
'===================================================================
Function ParseAction(strNowAction,ByRef strActionName,ByRef intActionType,ByRef strActionFile)
	Dim objReg,Matches,strTmp,arrTmp,Item
	Dim strActionStr	'== 目前的权限校验字符串

	'== 检验是否登陆
	If GBL_intUserId <> "" And GBL_strUserRole <> "" Then
		strActionStr = GBL_strUserRole & "|||"
	Else
		strActionStr = GBL_strDefaultUserRole & "|||"
	End If

	Set objReg = new RegExp			' 建立正则表达式
	objReg.IgnoreCase = true		' 忽略大小写
	objReg.Global	= false			' 设置全局可用

	objReg.Pattern = "\|\|\|" & strNowAction & "(.|\n)*?\|\|\|"
	Set Matches = objReg.Execute(strActionStr)
	strTmp = ""
	For Each Item in Matches
		strTmp = strTmp & Item.Value
	Next
	
	Set objReg = Nothing
	Set Matches = Nothing
	Set Item = Nothing

	If Trim(strTmp) = "" Then